vm/appvm: add dispvm_allowed property

Speciffy whether DispVM can be created from this AppVM Fixes QubesOS/qubes-issues#2075
2017-03-21 12:46:51 +01:00 · 2017-03-21 12:46:51 +01:00 · 1c836531c7
commit 1c836531c7
parent e4e92b06af
2 changed files with 10 additions and 0 deletions
--- a/qubes/vm/appvm.py
+++ b/qubes/vm/appvm.py
@ -37,6 +37,12 @@ class AppVM(qubes.vm.qubesvm.QubesVM):
                                ls_width=31,
                                doc='Template, on which this AppVM is based.')

+    dispvm_allowed = qubes.property('dispvm_allowed',
+        type=bool,
+        default=False,
+        doc='Should this VM be allowed to start as Disposable VM'
+    )
+
    def __init__(self, app, xml, template=None, **kwargs):
        self.volume_config = {
            'root': {
--- a/qubes/vm/dispvm.py
+++ b/qubes/vm/dispvm.py
@ -136,6 +136,10 @@ class DispVM(qubes.vm.qubesvm.QubesVM):
        This method modifies :file:`qubes.xml` file.
        The qube returned is not started.
        '''
+        if not appvm.dispvm_allowed:
+            raise qubes.exc.QubesException(
+                'Refusing to start DispVM out of this AppVM, because '
+                'dispvm_allowed=False')
        app = appvm.app
        dispvm = app.add_new_vm(
            cls,